sys-libs/zlib: Sync with Gentoo

It's from Gentoo commit bcce32837a9006d4110f70de52323b7d7ca36a61.
2025-08-15 08:56:58 +02:00 · 2022-06-03 22:06:19 +02:00 · 2022-06-03 22:06:19 +02:00 · 89a003ea4d
commit 89a003ea4d
parent c4ff89a1a5
5 changed files with 77 additions and 7 deletions
--- a/sdk_container/src/third_party/portage-stable/sys-libs/zlib/files/zlib-1.2.12-CVE-2022-37434.patch
+++ b/sdk_container/src/third_party/portage-stable/sys-libs/zlib/files/zlib-1.2.12-CVE-2022-37434.patch
@ -0,0 +1,55 @@
+https://bugs.gentoo.org/863851
+https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1
+https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d (see https://github.com/curl/curl/issues/9271)
+
+From eff308af425b67093bab25f80f1ae950166bece1 Mon Sep 17 00:00:00 2001
+From: Mark Adler <fork@madler.net>
+Date: Sat, 30 Jul 2022 15:51:11 -0700
+Subject: [PATCH] Fix a bug when getting a gzip header extra field with
+ inflate().
+
+If the extra field was larger than the space the user provided with
+inflateGetHeader(), and if multiple calls of inflate() delivered
+the extra header data, then there could be a buffer overflow of the
+provided space. This commit assures that provided space is not
+exceeded.
+--- a/inflate.c
+++ b/inflate.c
+@@ -763,9 +763,10 @@ int flush;
+                 copy = state->length;
+                 if (copy > have) copy = have;
+                 if (copy) {
+                    len = state->head->extra_len - state->length;
+                     if (state->head != Z_NULL &&
+-                        state->head->extra != Z_NULL) {
+-                        len = state->head->extra_len - state->length;
+                        state->head->extra != Z_NULL &&
+                        len < state->head->extra_max) {
+                         zmemcpy(state->head->extra + len, next,
+                                 len + copy > state->head->extra_max ?
+                                 state->head->extra_max - len : copy);
+
+From 1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d Mon Sep 17 00:00:00 2001
+From: Mark Adler <fork@madler.net>
+Date: Mon, 8 Aug 2022 10:50:09 -0700
+Subject: [PATCH] Fix extra field processing bug that dereferences NULL
+ state->head.
+
+The recent commit to fix a gzip header extra field processing bug
+introduced the new bug fixed here.
+--- a/inflate.c
+++ b/inflate.c
+@@ -763,10 +763,10 @@ int flush;
+                 copy = state->length;
+                 if (copy > have) copy = have;
+                 if (copy) {
+-                    len = state->head->extra_len - state->length;
+                     if (state->head != Z_NULL &&
+                         state->head->extra != Z_NULL &&
+-                        len < state->head->extra_max) {
+                        (len = state->head->extra_len - state->length) <
+                            state->head->extra_max) {
+                         zmemcpy(state->head->extra + len, next,
+                                 len + copy > state->head->extra_max ?
+                                 state->head->extra_max - len : copy);
+
--- a/sdk_container/src/third_party/portage-stable/sys-libs/zlib/zlib-1.2.11-r4.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-libs/zlib/zlib-1.2.11-r4.ebuild
@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2

 EAPI=7
@ -14,6 +14,7 @@ CYGWINPATCHES=(
 DESCRIPTION="Standard (de)compression library"
 HOMEPAGE="https://zlib.net/"
 SRC_URI="https://zlib.net/${P}.tar.gz
+	https://zlib.net/fossils/${P}.tar.gz
 	http://www.gzip.org/zlib/${P}.tar.gz
 	http://www.zlib.net/current/beta/${P}.tar.gz
 	elibc_Cygwin? ( ${CYGWINPATCHES[*]} )"
--- a/sdk_container/src/third_party/portage-stable/sys-libs/zlib/zlib-1.2.11-r5.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-libs/zlib/zlib-1.2.11-r5.ebuild
@ -14,6 +14,7 @@ CYGWINPATCHES=(
 DESCRIPTION="Standard (de)compression library"
 HOMEPAGE="https://zlib.net/"
 SRC_URI="https://zlib.net/${P}.tar.gz
+	https://zlib.net/fossils/${P}.tar.gz
 	http://www.gzip.org/zlib/${P}.tar.gz
 	http://www.zlib.net/current/beta/${P}.tar.gz
 	elibc_Cygwin? ( ${CYGWINPATCHES[*]} )"
--- a/sdk_container/src/third_party/portage-stable/sys-libs/zlib/zlib-1.2.12-r2.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-libs/zlib/zlib-1.2.12-r2.ebuild
@ -16,6 +16,7 @@ CYGWINPATCHES=(
 DESCRIPTION="Standard (de)compression library"
 HOMEPAGE="https://zlib.net/"
 SRC_URI="https://zlib.net/${P}.tar.gz
+	https://zlib.net/fossils/${P}.tar.gz
 	https://www.gzip.org/zlib/${P}.tar.gz
 	https://www.zlib.net/current/beta/${P}.tar.gz
 	verify-sig? ( https://zlib.net/${P}.tar.gz.asc )
@ -23,7 +24,7 @@ SRC_URI="https://zlib.net/${P}.tar.gz

 LICENSE="ZLIB"
 SLOT="0/1" # subslot = SONAME
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="minizip static-libs"

 RDEPEND="!sys-libs/zlib-ng[compat]"
--- a/sdk_container/src/third_party/portage-stable/sys-libs/zlib/zlib-1.2.12-r3.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-libs/zlib/zlib-1.2.12-r3.ebuild
@ -1,8 +1,9 @@
 # Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2

-EAPI=7
+EAPI=8

+# Worth keeping an eye on 'develop' branch upstream for possible backports.
 AUTOTOOLS_AUTO_DEPEND="no"
 VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/madler.asc
 inherit autotools multilib-minimal usr-ldscript verify-sig
@ -15,6 +16,7 @@ CYGWINPATCHES=(
 DESCRIPTION="Standard (de)compression library"
 HOMEPAGE="https://zlib.net/"
 SRC_URI="https://zlib.net/${P}.tar.gz
+	https://zlib.net/fossils/${P}.tar.gz
 	https://www.gzip.org/zlib/${P}.tar.gz
 	https://www.zlib.net/current/beta/${P}.tar.gz
 	verify-sig? ( https://zlib.net/${P}.tar.gz.asc )
@ -22,7 +24,7 @@ SRC_URI="https://zlib.net/${P}.tar.gz

 LICENSE="ZLIB"
 SLOT="0/1" # subslot = SONAME
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="minizip static-libs"

 RDEPEND="!sys-libs/zlib-ng[compat]"
@ -31,14 +33,24 @@ BDEPEND="minizip? ( ${AUTOTOOLS_DEPEND} )
 	verify-sig? ( sec-keys/openpgp-keys-madler )"

 PATCHES=(
-	# bug #658536
+	# Don't install unexpected & unused crypt.h header (which would clash with other pkgs)
+	# Pending upstream. bug #658536
 	"${FILESDIR}"/${PN}-1.2.11-minizip-drop-crypt-header.patch

-	# bug #831628
+	# Respect AR, RANLIB, NM during build. Pending upstream. bug #831628
 	"${FILESDIR}"/${PN}-1.2.11-configure-fix-AR-RANLIB-NM-detection.patch

+	# Respect LDFLAGS during configure tests. Pending upstream
+	"${FILESDIR}"/${PN}-1.2.12-use-LDFLAGS-in-configure.patch
+
 	# Fix broken CC logic
-	"${FILESDIR}"/${PN}-1.2.12-fix-CC-logic-in-configure.patch
+	"${FILESDIR}"/${P}-fix-CC-logic-in-configure.patch
+
+	# Backport for Java (and others), bug #836370
+	"${FILESDIR}"/${P}-CRC-buggy-input.patch
+
+	# bug #863851
+	"${FILESDIR}"/${P}-CVE-2022-37434.patch
 )

 src_prepare() {